Questions tagged [statistical-distance]
13 questions
5
votes
1 answer
Noise flooding in Lattices
I noticed that in the paper [HLL24], the authors used the noise flooding technique to choose parameters and complete the proof.
But I am confused that why set $\sigma \ge 2^{\kappa+6}y$ to guarantee the statistical distance between…
ANRIII
- 51
- 2
3
votes
1 answer
Is the first bit preserving version of a PRG also a PRG?
Given that $G$ is a pseudorandom generator from $\{0,1\}^n$ to $\{0,1\}^{l(n)}$, $G'$ defined as follows:
$G'(s) =
\begin{cases}
G(s) \space \text{if the first bit of s and G(s) are the same} \\
G(s)\oplus 100\cdots0 \space \text{if the first…
Greedo
- 33
- 4
3
votes
2 answers
A Smudging Lemma in Lattice
I saw a paper LLW21 in EUROCRYPT 2021 that used this lemma, but there was no proof or references.
How should this lemma be proved ?
constantine
- 311
- 2
- 12
2
votes
0 answers
Prove equivalence of definitions of statistical distance
Let $P$ and $Q$ be two distributions over a finite set $U$.
Given I already proved the following definitions are equilivant:
$$
SD(P, Q) = \underset{S⊆U}{max} \ \left\{ \underset{x←P}{Pr} [x ∈ S] − \underset{x←Q}{Pr}[x ∈ S] \right\}
$$
$$
SD(P,Q) =…
qqq
- 33
- 4
2
votes
1 answer
Statistical Distance and Learning with Rounding
Given an integer $b$ modulo a prime $q$, one can define a `rounding’ function $\lfloor b\rceil_p$ for a prime $p$, $p
a196884
- 381
- 1
- 11
2
votes
1 answer
About the definition of distinguishing advantage and computational indistinguishability
Given a polynomial-time adversary $A$ with binary output, the distinguishing advantage of $A$ with respect two games $G, H$ is defined…
AYun
- 858
- 7
- 13
1
vote
1 answer
Modulo bias: How to compute statistical distance?
Assume we have two uniform distributions $X=U(\mathbb{Z}_m)$ and $Y=U(\mathbb{Z}_n) \bmod m$, for $m,n \in \mathbb{N}$.
The statistical distance is defined as:
$$
\Delta(X, Y) = \frac{1}{2} \sum_{a \in \mathbb{Z}_m} | \Pr[X = a] - \Pr[Y = a] |…
mti
- 697
- 3
- 13
1
vote
0 answers
What is a reasonable statistical distance bound in a SZK construction?
Many works, such as [YCX21] cite that $2^{-40}$ is a reasonable statistical distance for zero-knowledge proof based signatures, even when the security level is $\lambda = 128$.. I was wondering if there is any concrete analysis which motivates this…
Lev
- 466
- 3
- 10
1
vote
0 answers
ddh and statistical distance
Let $\mathbb{G}$ be a cyclic group of prime order q and generated by g. Let $D$ be the uniform distribution over $\mathbb{G}^3$. Let $D_{dh}$ be the uniform distribution over the set of all DH-triples $(g^{\alpha}, g^{\beta}, g^{\alpha\beta})$. Let…
Cristie
- 93
- 3
1
vote
1 answer
How to complete this proof of statistically indistinguishable distributions?
Given that:
$$ SD\bigg( (r, \langle r, s \rangle),(r, b) \bigg) < \mathrm{negl}(n)$$
where $SD$ stands for statistical distance, $r$ is random uniform in $\{0,1\}^n$, $s$ is random uniform in $S \subseteq \{0,1\}^n$ and $b$ is a uniformly…
Anon
- 413
- 2
- 8
0
votes
2 answers
Statistical distance for multiplicative blinding
A common way to mask an integer $x$ in a range is to add a uniformly random integer $r$ from a much larger range. More formally, if $x$ lies in $[0,...,2^k)$ and $r$ in $[0,...,2^{k + l})$, then
$$\Delta(X+R,R) < 2^{-l}.$$
Edit: I mean…
user34968
- 1
- 1
0
votes
0 answers
Can two ciphertexts that decrypt to the same plaintext be statistically "distant"?
It might be a little dumb: I think it should be possible, if I encrypt a plaintext using the same public key twice, it should be possible to end up with two ciphertexts that for whom the statistical distance is non-negligible.
Specifically, I was…
Aryan
- 1